${ssr{PriWhisper}}$ : Enabling Keyless Secure Acoustic Communication for Smartphones

Short-range wireless communication technologies have been used in many security-sensitive smartphone applications and services such as contactless micro payment and device pairing. Typically, the data confidentiality of the existing short-range communication systems relies on so-called “key-exchange then encryption” mechanism, which is inefficient, especially for short communication sessions. In this work, we present PriWhisper-a keyless secure acoustic short-range communication system for smartphones. It is designed to provide a software-based solution to secure smartphone communication without the key agreement phase. PriWhisper adopts the emerging friendly jamming technique from radio communication for data confidentiality. The system prototype is implemented and evaluated on several Android smartphone platforms for efficiency and usability. We theoretically and experimentally analyze the security of our proposed acoustic communication system against eavesdropping. In particular, we study the (in)separability of the data signal and jamming signal against blind signal segmentation (BSS) attacks such as independent component analysis (ICA). The result shows that PriWhisper provides sufficient security guarantees for commercial smartphone applications and yet strong compatibilities with most legacy smartphone platforms. As an application, we also develop AcousAuth-a novel smart phone-empowered system for personal authentication.